Configuring WikiMedia for an Active Directory based intranet – Part 3

A while ago, I wrote a post about setting up MediaWiki as an intranet for my non-profit organization. Not wanting to burden people with yet another set of login credentials, I set the wiki to authenticate off of our Active Directory server using the LDAPauthentication extension. At the time (version 1.0 f), the documentation for Windows and AD was spotty and I was glad to add the results of my trials and errors. One thing I was never able to do was have the user prefs (full name and email) pulled from the AD to the wiki user profile.

Since then, the extension has been updated to 1.1d and that feature is more readily available. There are new instructions for configuring an AD server on the Configurations Examples page. To my original code in LocalSettings.php;

Success! Now the full name and email address appear in Special:Preferences after a user successfully logs in. Finally I can have closure.
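As an added example (not the author's original LocalSettings.php, and not code from the extension's documentation), this is the kind of Active Directory block that turns on preference retrieval, with the bind encrypted so AD passwords do not cross the network in clear text. The server host name, NetBIOS prefix, base DN and include path are constructed placeholders; the domain label reuses the "something.org" form quoted in the comments below.

```php
<?php
// Added example. Constructed values: server host name, NetBIOS prefix,
// base DN and include path. Adjust all of them to your own domain.
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" ); // path is an assumption
$wgAuth = new LdapAuthenticationPlugin();

// One label identifies the domain. The extension looks up every per-domain
// setting by this key, so each array below must use exactly the same string.
$adDomain = "something.org";

$wgLDAPDomainNames = array( $adDomain );
$wgLDAPServerNames = array( $adDomain => "dc1.something.org" ); // constructed host

// Bind as the user who is logging in; the extension substitutes USER-NAME.
$wgLDAPSearchStrings = array( $adDomain => "SOMETHING\\USER-NAME" );

// "tls" = StartTLS on the LDAP port, "ssl" = LDAPS, "clear" = no encryption.
// With "clear", the user's AD password is sent unencrypted on every login.
// For "tls" or "ssl" to work, the web server's LDAP client must trust the CA
// that issued the domain controller's certificate.
$wgLDAPEncryptionType = array( $adDomain => "tls" );

// Where and how to find the user's directory entry after the bind.
$wgLDAPBaseDNs          = array( $adDomain => "dc=something,dc=org" ); // constructed
$wgLDAPSearchAttributes = array( $adDomain => "sAMAccountName" );

// Copy full name and email from the directory into the wiki profile at login.
$wgLDAPRetrievePrefs = array( $adDomain => "true" );

// Do not fall back to the wiki's local password database.
$wgLDAPUseLocal = false;
```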

Or not. Apparently this works for domain users who have already logged onto the wiki prior to the update, but not those created afterwards. Those users get an Internal Error page with a password-change-forbidden message. Luckily, some intrepid techies had found a solution and posted it (albeit cryptically) on the LDAPAuthentication discussion page. If you have version 1.1d you only need to make changes to the SpecialUserLogin.php in the Includes directory.

Since I don’t have access to the Patch util in Windows, I had to update the file by hand. To do that, make a backup first. Open SpecialUserLogin.php and find the function initUser (lines 309 to 323). Replace the entire function with the following code.

13 thoughts on “Configuring WikiMedia for an Active Directory based intranet – Part 3”

Hi Eric..
Thanks a ton for your posts..guided me through rough waters.. just a final step left.
I’m getting this error after clicking login
start-tls]: Unable to start TLS: Server is unavailable in C:\xampp\htdocs\mediawiki\includes\LdapAuthentication.php on line 165
though I’m able to ping the LDAP server through the command prompt.
Also, how do I get the contents block on the top of every page?

Is domain authentication possible using LAMP?
I don’t have the possibility to install wiki on IIS/windows however I am using MS Active Directory.
I tried your config and logging in fails.
Any help please?

Another commenter finally helped me figure out how to automatically pull the user’s name and email for the preferences page. It seems that the syntax should be:
$wgLDAPRetrievePrefs = array( "something.org" => "true" );
That worked wonderfully.

This helps a lot, thanks!
Now, since we are using LDAP, and already have a known good email, any way to get rid of the “confirm email” additional step to receive watch notifications and the like? I would like to assume each new user to our wiki has a valid email.

thanks a lot.. post is extremely helpful.
After 5 hours f@%*!g with it I was able to make it work on CentOS 5.1 Linux. Thanks to your post.
The only thing I was unable to do is SSL Encryption.
I’m using latest version of LdapAuthentication.php (v1.2a), but SSL is not working…
too tired to continue working on it though..
…must sleep..
X(

Thanks a lot. It’s a great feature. But how can I configure it for all users?
$wgLDAPSearchStrings = array( "myDomain" => "myDomain\\USER-NAME" );
$wgLDAPSearchStrings = array( "myDomain" => "myDomain\\cn" );